WP-SpamShield Plugin for WordPress – Robust Anti-Spam Protection

WP-SpamShield Plugin for WordPress is robust and user-friendly anti-spam plugin that stops blog comment spam cold.

Stop Blog Comment Spam Cold

 
WP-SpamShield - a powerful anti-spam plugin for WordPressAn extremely powerful anti-spam plugin for WordPress that eliminates comment spam, including trackback and pingback spam. It works invisibly without CAPTCHA’s, or other inconvenience to site visitors. This WordPress plugin includes spam-blocking contact form feature, and protects your site from spam user registrations as well. See what it’s like to run a WordPress site without spam!

Download Plugin

Latest Version — 1.4.8: Download Now

Or you can install from your WordPress Admin: Go to Plugins --> Add New --> Type "WP-SpamShield" in the Search Box

Follow WP-SpamShield on Twitter: @WPSpamShield
Tech Support: WP-SpamShield Support

Translate This

Translate »
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18
  • 18


Quick Navigation – Contents

  1. Description
  2. Background
  3. Features
  4. See What Others Have Said About WP-SpamShield
  5. How It Works
  6. Installation Instructions
  7. Displaying Spam Stats on Your Blog
  8. Installing a WordPress Contact Form on Your Blog
  9. Configuration Information
  10. Changelog / Version History
  11. Known Issues and Plugin Conflicts
  12. Troubleshooting Guide / Support
  13. Frequently Asked Questions (FAQ’s)
  14. Let Others Know About WP-SpamShield
  15. WordPress Security Note
  16. Download Plugin / Documentation
  17. Translators


Description

Let’s face it, everyone hates spam. (Except spammers.) Blog spam has been a huge problem for bloggers since the invention of blogs, and it’s not going away…in fact it’s getting worse, and now has expanded to include comment spam, trackback spam, and user registration spam.

Spam is a reputation, SEO, and security problem for website owners. The worst kind, and most prolific, is automated comment spam that comes from bots. There are quite a few solutions out there, but most of them either don’t work effectively, or annoy users by using CAPTCHA’s or challenge questions. If site usability is a priority, then CAPTCHA’s have no place on a website.

Well, finally there is an effective and invisible solution, without CAPTCHA’s, challenge questions, or other inconvenience to site visitors. The WP-SpamShield plugin stops comment spam cold, including trackback and pingback spam.

[ BACK TO TOP ]


Background

Before I developed the predecessor to this plugin (WP-SpamFree) back in 2007, our team and clients experienced the same frustration you do with comment spam on your blog. Every blog we manage had comment moderation enabled, Akismet and various other anti-spam plugins installed, but we still had a ton of comments tagged as spam by Akismet that we had to sort through. This wasted a lot of valuable time, and we all know, time is money. We needed a solution.

Comment spam stems from an older problem — automated spamming of email contact forms on web sites. I developed a successful fix for this a while ago, and later applied it to our WordPress blogs. It was so effective, that I decided to add a few modifications and turn it into a WordPress plugin to be freely distributed. Blogs we manage used to get an excessive number of spam comments show up on the Akismet Spam page each day – now the daily average is zero spam comments.

To further the development of this plugin, I now study thousands and thousands of potential spam comments from many test blogs and contributors. I also developed custom software that data-mines and analyzes thousands of spam comments daily. I use a special diagnostic version of the plugin, which provides much more information on each of these spam comments than what is shown in WordPress. By analyzing patterns and behaviors consistent with spam, I can continually improve the plugin and ensure future accuracy. Before each new version is released, the plugin is tested on numerous servers, WordPress configurations, and browsers.

[ BACK TO TOP ]


Features

  1. Virtually eliminates automated comment spam from bots. It works like a firewall to ensure that your commenters are in fact, human.
  2. No CAPTCHA’s, challenge questions or other inconvenience to site visitors — it works silently in the background.
  3. Internationalization and localization available. Currently includes French (fr_FR), German (de_DE), and Serbian (sr_RS) translations. Ready for translation into other languages.
  4. Includes drop-in spam-free contact form. Easy to use — no configuration necessary.
  5. Protects your site from user registration spam. No more automated bot signups through the login page on your site.
  6. A counter on your dashboard to keep track of all the spam it’s blocking. The numbers will show how effective this plugin is.
  7. See what’s been blocked! “Blocked Comment Logging Mode”, a temporary diagnostic mode that logs blocked comments and contact form submissions for 7 days, then turns off automatically. If you want to see what’s been blocked, or verify that everything is working, turn this on and see what WP-SpamShield is protecting your blog from.
  8. No false positives, which leads to fewer frustrated readers, and less work for you.
  9. You won’t have to waste valuable time sifting through a spam queue anymore, because there won’t be much there, if anything.
  10. Powerful trackback and pingback spam protection and validation.
  11. Easy to install — truly plug and play. Just upload and activate. (Installation Status on the plugin admin page to let you know if plugin is installed correctly.)
  12. The beauty of this plugin is the methods of blocking spam. It takes a different approach than most and stops spam at the door.
  13. The code has an extremely low bandwidth overhead and won’t slow down your blog (very light database access), unlike some other anti-spam plugins.
  14. Compatible with popular cache plugins, including WP Super Cache and others. Not all anti-spam plugins can say that.
  15. Display your blocked spam stats on your blog. Widgets and shortcodes for graphic counters to display spam stats, multiple sizes and options.
  16. Helps keep your database slimmer and more efficient.
  17. Works in WordPress Multisite as well. (See the related FAQ for details.)
  18. Enhanced Comment Blacklist option. Instead of just sending comments to moderation as with WordPress’s default Comment Blacklist functionality, with this turned on, anything that matches a string in the blacklist will be completely blocked. Also adds a link in the comment notification emails that will let you blacklist a commenter’s IP with one click.
  19. It’s completely free for both commercial and personal use.
  20. A plug and play replacement and upgrade for WP-SpamFree. This is a far more advanced fork of it, with improved page load speed, security, and spam-blocking power, by its original developer. It will import your old data from WP-SpamFree automatically upon installation and activation, and features you were using on your site previously such as contact forms and spam stats will continue to work without any changes to pages, posts, or theme.
[ BACK TO TOP ]


See What Others Have Said About
WP-SpamShield


 

@WPSpamShield you guys / gals are lifesavers! – on average you have blocked 1596 spam comments A DAY!! – you rock!

- Rip3d (Twitter)
 

@WPSpamShield I love you WP-SpamShield. Average spam blocked daily: 112

- MessyMoney (Twitter)
 

Do you get lots of comment spam on your WP blog? http://wordpress.org/plugins/wp-spamshield/ … Best plugin I’ve ever used in dealing with +2M spam so far

- Harold Jarche (Twitter)
 

While there are numerous anti-spam plugins out there, WP-SpamShield Anti-Spam is a completely backend solution that promises no CAPTCHAs. It’s easy to setup and blocks comment spam before it’s ever posted. This includes ping back and trackback spam, too.

What I liked here is that it doesn’t just work on blog comments. It works on your contact form, too. Nothing like giving spam the ol’ one, two punch! And it promises to work like a firewall against bot-generated comment spam.

- Top 10 Free WordPress Plugins of the Month – April 2014 | ManageWP
 

With Akimset, ~5,000 spam comments on my blog per day. Installed WP-SpamShield this a.m., current spam = 7. #results

- CAHeidelberger (Twitter)
 

Before I had this, I constantly had to filter and block comments for being spam… but with WP- Spam Shield it shaves off those minutes that I had to spend filtering comments. It makes my life way easier with blogging, and allows me to have a piece of mind when I work on my blog!

This plugin is super easy to install, and as soon as you activate it, you are all set and it will begin to block spam comments!

- Boost Your Website’s Health And Strength With These Awesome WordPress Plugins | Website Hike
 

Instalé este plugin en la página y adiós spam. Hasta ahora me ha funcionado muy bien, cero spam. ;) (Translation: “I installed this plugin on the page and goodbye spam. So far has worked for me very well, zero spam. ;)”)

- Alejandro Cifuentes (Twitter)
 

While there are numerous spam control plugins out there, WP-SpamShield Anti-Spam definitely nudges ahead of them all. Easy to setup and blocks comment spam before it’s even posted (that too without CAPTCHAs). This plugin also supports trackback and pingback spam and works on your contact form too. Your search for the best anti spam plugin probably ends here.

- The small list of BIG WORDPRESS PLUGINS | The BigRock Blog
 

From Reviews of the plugin on WordPress.org:

The Real Deal. Highly Recommended! Stops Spam comments 100%. Stops human spammers from using proxy servers. Now on two blogs, and loving the freedom from spam registrations and spam comments. Thank you!

- Mike Jaquish
 

Catches ALL Comment Spam SpamShield put an immediate stop to ALL comment spam. Scott provides regular updates to keep it working great. I use it with WordFence and between the two of them I am no longer concerned with hackers.

- jhaugen
 

Other Mentions from Around the Web:


 

More coming soon.


 

Read more comments about WP-SpamShield’s anti-spam powers…

If you like WP-SpamShield, please let others know by giving it a good rating on WordPress.org!

[ BACK TO TOP ]


How It Works

Most of the spam hitting your blog originates from bots. Few bots can process JavaScript. Few bots can process cookies. Fewer still, can handle both.

In a nutshell, this plugin uses a combo of JavaScript and cookies (on steroids) to weed out the humans from spambots, preventing 99.9%+ of automated spam from ever getting to your site. Almost 100% of web site visitors will have these turned on by default, so this type of solution works silently in the background, with no inconveniences. There are extremely few users (less than 2%) that have JavaScript and/or cookies turned off by default, but they will be prompted to turn those back on to post their comment.

Stats show that among all Internet users, less than 2% have JavaScript turned off, and less than 1% have cookies turned off. This requirement isn’t anything out of the ordinary because almost every single modern websites requires the use of JavaScript and cookies for key features — AJAX, for example, won’t work if JS is disabled.

Overall, the very few that might be inconvenienced because they have JS and cookies turned off will be far fewer than the 100% who would be annoyed by CAPTCHA’s, challenge questions, and other validation methods.

WP-SpamShield has multiple randomly generated keys across several methods, along with several additional security features that further decrease the likelihood of an automated spam comment getting through. These security keys re-generate on a regular basis.

Some would argue that this is too simplistic an approach. Many programmers prefer using some type of basic AI (community-based, etc) to fight bots by trying to figure out if a comment is spam. While that isn’t a bad idea, it falls short because no machine AI can ever accurately judge whether a comment is spam – many spam comments get through that could easily have been stopped, and there are many false positives where non-spam comments get flagged as spam. Others may argue that some spammers have programmed their bots to read JavaScript, etc. In reality, the percentage of bots with these capabilities is still extremely low – less than 1%. It’s simply a numbers game.

Statistics tell us that an effective solution would involve using a technology that few bots can handle, therefore eliminating their ability to spam your site. The important thing in fighting spam is that we create a solution that can reduce spam noticeably and improve the user experience, and a 99% reduction in spam would definitely make a difference for most bloggers and site visitors.

Even so, it’s important to know that the particular JS and cookies solution used in the WP-SpamShield anti-spam plugin has evolved quite a bit, and is no longer simple at all. There are now two layers of protection, a JavaScript/Cookies Layer, and an Algorithmic Layer. Even if bot authors could engineer a way to break through the JavaScript/Cookies Layer, the Algorithmic Layer would still stop 95% of the spam that the JavaScript Layer blocks. (I’m working to make this 100% for fully redundant protection.) This JavaScript Layer utilizes randomly generated keys, and is algorithmically enhanced to ensure that spambots won’t beat it. The powerful Algorithmic Layer is what eliminates trackback/pingback spam, and much human spam as well. And, it does all that without hindering legitimate comments and trackbacks.

The trackback validation contains a filter that compares the client IP address of the incoming trackback against the IP address of the server where the link is supposedly coming from. If they don’t match, then it is spam, without fail. This alone eliminates more than 99.99% of trackback spam. Trackback spammers don’t send spam out from the same server where their clients’ websites reside.

As of Version 1.2 the plugin also includes powerful protection from user registration spam. Any automated registration attempts on your site will be blocked. Once you install WP-SpamShield, you don’t have to worry about bots or spammy users signing up on your site anymore.

The bottom line, is that this plugin just plain works, and is a powerful weapon against spam.

[ BACK TO TOP ]


Installation Instructions

Option 1: Install the plugin directly through the WordPress Admin Dashboard (Recommended)

  1. WP-SpamShield Installation InstructionsGo to Plugins -> Add New.
     
  2. Type WP-SpamShield into the Search box, and click Search Plugins.
     
  3. When the results are displayed, click Install Now.
     
  4. When it says the plugin has successfully installed, click Activate Plugin to activate the plugin (or you can do this on the Plugins page).
     

Option 2: Install .zip file through WordPress Admin Dashboard

  1. Go to Plugins -> Add New -> Upload.
     
  2. Click Choose File and find wp-spamshield.zip on your computer’s hard drive.
     
  3. Click Install Now.
     
  4. Click Activate Plugin to activate the plugin (or you can do this on the Plugins page).
     

Option 3: Install .zip file through an FTP Client (Recommended for Advanced Users Only)

  1. After downloading, unzip file and use an FTP client to upload the enclosed wp-spamshield directory to your WordPress plugins directory (usually /wp-content/plugins/) on your web server.
     
  2. Go to your Plugins page in the WordPress Admin Dashboard, and find this plugin in the list.
     
  3. Click Activate to activate the plugin.
     

Next Steps After Installation

  1. Check to make sure the plugin is installed properly. Many support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamShield page in your Admin. It’s a submenu link under the Settings. Go the the ‘Installation Status’ area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamShield in, delete any WP-SpamShield files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over. If it is installed correctly, then move on to the next step.
     
  2. Select desired configuration options.
     
  3. If you are using front-end anti-spam plugins (CAPTCHA’s, challenge questions, etc), be sure they are disabled since there’s no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)
     
  4. Install a contact form if you like. (See below)
     

You’re done! Sit back and see what it feels like to live without comment spam, trackback spam, and registration spam!

If you’re not familiar with WordPress plugin installation, you may want to read this article:

For Best Results

WP-SpamShield was created specifically to stop automated comment spam (which accounts for over 99.9% of comment spam), and we have built in many features that combat human comment spam and completely eliminate trackback/pingback spam. Unfortunately, no plugin can perfectly detect human comment spam. As other experts will tell you, the most effective strategy for blocking spam involves applying a variety of techniques.

For best results, enable comment moderation in your WordPress Settings. (If you desire a backup, feel free to use Akismet, as the two plugins are compatible, even though it’s probably not necessary. I would recommend not using any other spam plugins at the same time, in order to keep keep your web server load down and prevent conflicts.)

[ BACK TO TOP ]


Displaying Spam Stats on Your Blog

Want to show off your spam stats on your blog and tell others about WP-SpamShield? Simply add the following code to your WordPress theme where you’d like the stats displayed:

<?php if ( function_exists(spamshield_counter) ) { spamshield_counter(1); } ?>

where ’1′ is the style. Replace the ’1′ with a number from 1-9 that corresponds to one of the images below that matches the style you’d like to use. To simply display text stats on your site (no graphic), replace the ’1′ with ’0′.

To add it to any page or post, add the following shortcode to the page or post where you'd like the stats displayed (using the HTML editing tab, NOT the Visual editor):

[spamshieldcounter style=1]

where '1' is the style. Replace the '1' with a number from 1-9 that corresponds to one of the images below that matches the style you'd like to use. To simply display text stats on your site (no graphic), replace the '1' with '0'.

spamshield counter lg bg 1 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 2 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 3 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 4 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 5 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 6 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 7 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 8 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter lg bg 9 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protection

Small Counter

To add smaller counter to your site, add the following code to your WordPress theme where you'd like the stats displayed:

<?php if ( function_exists(spamshield_counter_sm) ) { spamshield_counter_sm(1); } ?>

where '1' is the style. Replace the '1' with a number from 1-5 that corresponds to one of the images below that matches the style you'd like to use.

To add it to any page or post, add the following shortcode to the page or post where you'd like the stats displayed (using the HTML editing tab, NOT the Visual editor):

[spamshieldcountersm style=1]

where '1' is the style. Replace the '1' with a number from 1-5 that corresponds to one of the images below.

spamshield counter sm bg 1 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter sm bg 2 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter sm bg 3 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter sm bg 4 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protectionspamshield counter sm bg 5 preview WP SpamShield Plugin for WordPress   Robust Anti Spam Protection

Or, you can simply use the widget. It displays stats in the style of small counter #1. Now you can show spam stats on your blog without knowing any code.

[ BACK TO TOP ]


Installing a WordPress Contact Form on Your Blog

First create a page (not post) where you want to have your contact form. Then, insert the following shortcode (using the HTML editing tab, NOT the Visual editor) and you're done: [spamshieldcontact]

If you had previously been using WP-SpamFree and have contact forms implemented on your site, WP-SpamShield is a plug and play replacement so your old data will automatically be imported, and your pages that use the old implementation, <!--spamfree-contact--> will work without any modification.

There is no need to configure the form. It allows you to simply drop it into the page you want to install it on. However, there are a few basic configuration options. You can choose whether or not to include Phone and Website fields, whether they should be required, add a drop down menu with up to 10 options, set the width and height of the Message box, set the minimum message length, set the form recipient, enter a custom message to be displayed upon successful contact form submission, and choose whether or not to include user technical data in the email.

If you want to modify the style of the form using CSS, all the form elements have an ID attribute you can reference in your stylesheet.

What the Contact Form feature IS: A simple drop-in contact form that won't get spammed.
What the Contact Form feature is NOT: A configurable and full-featured plugin like some other contact form plugins out there.
Note: Please do not request new features for the contact form, as the main focus of the plugin is spam protection. Thank you.

[ BACK TO TOP ]


Configuration Information

Spam Options

Blocked Comment Logging Mode
This is a temporary diagnostic mode that logs blocked comment submissions for 7 days, then turns off automatically. If you want to see what spam has been blocked on your site, this is the option to use. Also, if you experience any technical issues, this will help with diagnosis, as you can email this log file to support if necessary. If you suspect you are having a technical issue, please turn this on right away and start logging data. Then submit a support request, and we'll email you back asking to see the log file so we can help you fix whatever the issue may be. The log is cleared each time this feature is turned on, so make sure you download the file before turning it back on. Also the log is capped at 2MB for security. This feature may use slightly higher server resources, so for best performance, only use when necessary. (Most websites won't notice any difference.)

Log All Comments
Requires that Blocked Comment Logging Mode be engaged. Instead of only logging blocked comments, this will allow the log to capture all comments while logging mode is turned on. This provides more technical data for comment submissions than WordPress provides, and helps us improve the plugin. If you plan on submitting spam samples to our us for analysis, it's helpful for you to turn this on, otherwise it's not necessary. If you have any spam comments that you feel WP-SpamShield should have blocked (usually human spam), then please submit a support request. When we email you back we will ask you to forward the data to us by email.

This extra data will be extremely valuable in helping us improve the spam protection capabilites of the plugin.

Enhanced Comment Blacklist
Enhances WordPress's Comment Blacklist — instead of just sending comments to moderation, they will be completely blocked if this is enabled. (Useful if you receive repetitive human spam or harassing comments from a particular commenter.) Also adds one-click blacklisting - a link will now appear in the comment notification emails that you can click to blacklist a commenter's IP. This link appears whether or not the feature is enabled. If you click the link and this feature is disabled, it will add the commenter's IP to the blacklist but blacklisting will operate according to WordPress's default functionality.

The WP-SpamShield blacklist shares the WordPress Comment Blacklist data, but the difference is that now when a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be completely blocked, not just marked as spam. One word or IP per line...add each new blacklist item on a new line. If you're not sure how to use it, start by just adding an IP address, or click on the link in one of the notification emails. It is not case-sensitive and will match included words, so "press" on your blacklist will block "WordPress" in a comment.

Disable trackbacks.
Use if trackback spam is excessive. It is recomended that you don't use this option unless you are experiencing an extreme spam attack.

Disable pingbacks.
Use if pingback spam is excessive. The disadvantage is a reduction of communication between blogs. When blogs ping each other, it's like saying "Hi, I just wrote about you" and disabling these pingbacks eliminates that ability. It is recomended that you don't use this option unless you are experiencing an extreme spam attack.

Allow users behind proxy servers to comment?
Most users should leave this unchecked. Many human spammers hide behind proxies. Leaving this unckecked adds an extra layer of spam protection. In the rare even that a non-spam commenter gets blocked by this, they will be notified what the situation is, and instructed to contact you to ask you to modify this setting.

Hide extra technical data in comment notifications.
The plugin now addes some extra technical data to the comment moderation and notification emails, including the referrer that brought the user to the page where they commented, the referrer that brought them to the WordPress comments processing page (helps with fighting spam), User-Agent, Remote Host, Reverse DNS, Proxy Info, Browser Language, and more. This data is helpful if you ever need to submit a spam sample. If you dislike seeing the extra info, you can use this option to prevent the info from being displayed in the emails. If you don't mind seeing it, please leave it this unchecked, because if you ever need to submit a spam sample, it helps us track spam patterns.

M2 - Use two methods to set cookies.
This adds a secondary non-JavaScript method to set cookies in addition to the standard JS method.

Help promote WP-SpamShield?
This places a small link under the comments and contact form, letting others know what's blocking spam on your blog. This plugin is provided for free, so this is much appreciated. It's a small way you can give back and let others know about WP-SpamShield.

Contact Form Options
These are self-explanatory.

[ BACK TO TOP ]


Changelog / Version History

For a complete list of changes to the plugin, view the Version History.

[ BACK TO TOP ]


Known Issues and Plugin Conflicts

Plugins that are reported to be incompatible with WP-SpamShield, or have certain compatibility issues.

  1. JetPack
     
    This seems to have numerous issues with a lot of other plugins because it alters some of WordPress's core functionality. The Comments Module is not compatible with WP-SpamShield because it changes the core functionality of WordPress's comment system and causes all comments to be blocked. You can use JetPack with WP-SpamShield but the Comments Module will need to stay deactivated. I've also heard reports that the Contact Form module can cause contact forms to send multiple copies of the same email, no matter what contact form you're using. I've added compatibility fixes, but even with that, I imagine more issues will pop up since it conflicts with more than a few plugins. (That being said, I do want to say thank you to the JetPack devs for reaching out to me to try and bridge compatibility issues. That kind of collaborative attitude among developers is much appreciated.)
     
  2. WP-SpamFree
     
    Since WP-SpamShield is a much more advanced fork of WP-SpamFree (I'm its original developer), the two cannot be used at the same time. That would be like using an old, slow, out-of-date version of the same plugin along with the newer, faster, more secure, and more powerful version. There's no benefit to using both plugins...it can only slow your site down to keep WP-SpamFree installed. (The code in WP-SpamFree still contains outdated PHP functions that may no longer work, breaking certain functionality and possibly having unpredictable results on a website. When it was written, the code was current and kept up-to-date, but as PHP has become more advanced certain functions were phased out. There are also reported unpatched security issues.) WP-SpamShield is a plug and play replacement for WP-SpamFree anyway. It will import your old WP-SpamFree settings when you first install it, and all your existing contact forms will work without any modification.
     
  3. Third Party Commenting Systems, such as Disqus and LiveFyre.
    • With Disqus you can use the Contact Form and Registration Spam protection features of WP-SpamShield, but the comment spam protection features of WP-SpamShield will not be available, since Disqus completely bypasses WordPress's comment system.
    • With LiveFyre — it's the same situation — you can use the Contact Form and Registration Spam protection features of WP-SpamShield, but the comment spam protection features of WP-SpamShield will not be available, since LiveFyre also completely bypasses WordPress's comment system.
  4. No others have been reported so far.

Plugins that may have issues with WP-SpamShield. If you plan to use any of these with WP-SpamShield, it's recommended you do some testing. Enabling the option "M2 - Use two methods to set cookies." may also improve the compatibility with plugins in question.

  1. Some front-end anti-spam plugins, including CAPTCHA's, challenge questions, etc.
     
    There's no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)
     
  2. No others have been reported so far.

Plugins that previously had compatibility issues, but are now compatible. (Plugins that we've had reports of no conflict whatsoever with recent versions of WP-SpamShield.)

  1. None reported so far.

Other known issues.

  1. CloudFlare Rocket Loader may have some issues.
     

    CloudFlare's Rocket Loader combines and compresses JavaScript on your site in an attempt to speed up your site loading. In theory this is good, but it doesn't give you a lot of control, especially on automatic mode, and that can be a problem. Be careful with this as it is known to break a LOT of scripts, and if you Google "Rocket Loader" you'll find a ton of articles about problems people are having. In many cases it causes more problems than it solves. Also, the workaround CloudFlare provides (adding data-cfasync="false" to your JavaScript links) doesn't work if you've properly coded the links to your scripts in the HEAD of your site (using type="text/javascript"). For WordPress users it's a real problem and I don't recommend using it. The scripts used in this plugin can't be messed with if they are to work properly.

  2. Microsoft Windows IIS Server may have some issues.
     

    Unfortunately WordPress (and PHP in general) has a ton of issues when run on a Microsoft server if it isn't configured properly. WordPress was designed for PHP that is run on Linux/Apache type servers. Occasionally some plugins (and WordPress) may not play well on a Windows server so I highly recommend not using WordPress on a Microsoft web server..
     

    According to the WordPress Codex, "Windows servers don't come with many of the prerequisites for WordPress preinstalled. You will need to obtain this software to install on the server yourself." You can get it to run similarly to a Linux/Apache type server with some work, but it will require extra work, knowledge and configuration on your part...an out-of-the-box IIS server will not always suffice. Because PHP is not native to Microsoft IIS (which was designed to run ASP, PHP's chief rival), and the multitude of issues when running WordPress, WP-SpamShield, and PHP on a Microsoft server, I can only provide limited support for the plugin being used on those systems.

    What does limited support mean? It means I will do my best to make sure the code is compatible with as many systems out there as possible, and when there are issues, I will do my best to help, but being that there are a lot more things that can go wrong when PHP is running on IIS, you need to realize that the issue may not necessarily be the plugin but the server configuration. A plugin that runs perfectly on 99% of PHP systems may have strange issues on an IIS setup. For example some fairly common PHP functions are disabled by default on IIS. If we can't diagnose the problem on your particular system, I may not be able to rewrite the plugin to fix the issue if it will reduce functionality for the 99% where it's working just fine. In fact I recommend not even using WordPress on a Microsoft IIS Server if at all possible. (I understand you don't always have the option to switch because the rest of your site is in ASP or some similar reason.) If you're not convinced, I highly recommend you read: 10 Reasons Why Not to Host Your WordPress Blog on a Windows/IIS Platform.

Please let us know about any undocumented plugins that you suspect conflict, or if you have any other issues. If you have any of these working with WP-SpamShield without issues, let us know.

[ BACK TO TOP ]


Troubleshooting Guide / Support

If you're having trouble getting things to work after installing the plugin, here are a few things to check:

  1. Check the FAQ's.
     
  2. If you haven't yet, please upgrade to the latest version.
     
  3. Check to make sure the plugin is installed properly. Many support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamShield page in your Admin. It's a submenu link on the Plugins page. Go to the 'Installation Status' area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamShield in, delete any WP-SpamShield files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over from step 1.
     
  4. Clear your browser's cache, clear your cookies, and restart your browser. Then reload the page.
     
  5. If you are receiving the error message: "Sorry, there was an error. Please enable JavaScript and Cookies in your browser and try again." then you need to make sure JavaScript and cookies are enabled in your browser. (JavaScript is different from Java. Java is not required.) These are enabled by default in web browsers. The status display will let you know if these are turned on or off (as best the page can detect - occasionally the detection does not work.) If this message comes up consistently even after JavaScript and cookies are enabled, then there most likely is an installation problem, plugin conflict, or JavaScript conflict. Read on for possible solutions.
     
  6. If you have multiple domains that resolve to the same server, or are parked on the same hosting account, make sure the domain set in the WordPress configuration options matches the domain where you are accessing the blog from. In other words, if you have people going to your blog using http://www.yourdomain.com/ and the WordPress configuration has: http://www.yourdomain2.com/ you will have a problem (not just with this plugin, but with a lot of things.)
     
  7. Check your WordPress Version. If you are using a release earlier than than the most recent version, you want to upgrade for a whole slew of reasons, including features and security.
     
  8. Check the options you have selected to make sure they are not disabling a feature you want to use.
     
  9. Make sure that you are not using other front-end anti-spam plugins (CAPTCHA's, challenge questions, etc) since there's no longer a need for them, and these could likely conflict. (Back-end anti-spam plugins like Akismet are fine, although unnecessary.)
     
  10. Visit http://www.yourblog.com/wp-content/plugins/wp-spamshield/js/jscripts.php (where yourblog.com is your blog url) and check two things.
     
    First, see if the file comes normally or if it comes up blank or with errors. That would indicate a problem. Submit a support request (see last troubleshooting step) and copy and past any error messages on the page into your message.
     
    Second, check for a 403 Forbidden error. (Or a 404 Not Found error.) That means there is a problem with your file permissions. If the files in the wp-spamshield folder don't have standard permissions (at least 644 or higher for files and 755 for folders) they won't work. (You may need to try 666 for files and 775 for folders.) This usually only happens by manual modification or if you have a restrictive web host, but strange things do happen. The AskApache Password Protect Plugin has caused this error in previous versions (WP-SpamFree), so be sure to check this. Users have reported in the past that using its feature to protect the /wp-content/ directory creates an .htaccess file in that directory that creates improper permissions and conflicts with WP-SpamShield (and most likely other plugins as well). You'll need to disable this feature, or disable the AskApache Password Protect Plugin and delete any .htaccess files it has created in your /wp-content/ directory before using WP-SpamShield.
     
    (AskApache Password Protect Plugin hasn't been tested with WP-SpamShield yet.)
     
    If changing the files permissions does not fix it, then you may need to contact your web host to see why a file that you know is there, does not have appropriate permissions on the server to be shown in a browser. (Occasionally there is a file ownership issue that only a System Administrator can fix.)
     
    One more thing you can do is to add the following lines to your wp-config.php file (WordPress' configuration file...make a backup copy before editing): 

    define('FS_CHMOD_FILE', 0755);
    define('FS_CHMOD_DIR', 0644);

  11. Check for conflicts with other JavaScripts installed on your site. This usually occurs with with JavaScripts unrelated to WordPress or plugins. However some themes contain JavaScripts that aren't compatible. (And some don't have the call to the wp_head() function which is also a problem. Read on to see how to test/fix this issue.) If in doubt, try switching themes. If that fixes it, then you know the theme was at fault. If you discover a conflicting theme, please let us know.
     
  12. Check for conflicts with other WordPress plugins installed on your WordPress site. Although errors don't occur often, this is one of the most common causes of the errors that do occur. I can't guarantee how well-written other plugins will be. First, see the Known Plugin Conflicts list. (JetPack plugin cause issues with a lot of other plugins, so that's one to check first.) If you've disabled any plugins on that list and still have a problem, then proceed.
     
    To start testing for conflicts, temporarily deactivate all other plugins except WP-SpamShield. Then check to see if WP-SpamShield works by itself. (For best results make sure you are logged out and clear your cookies. Alternatively you can use another browser for testing.) If WP-SpamShield allows you to post a comment with no errors, then you know there is a plugin conflict. The next step is to activate each plugin, one at a time, log out, and try to post a comment. Then log in, deactivate that plugin, and repeat with the next plugin. (If possible, use a second browser to make it easier. Then you don't have to keep logging in and out with the first browser.) Be sure to clear cookies between attempts (before loading the page you want to comment on). If you do identify a plugin that conflicts, please let me know so I can work on bridging the compatibility issues.
     
  13. Make sure the theme you are using has the call to wp_head() (which most properly coded themes do) usually found in the header.php file. It will be located somewhere before the </head> tag. If not, you can insert it before the </head> tag and save the file. If you've never edited a theme before, proceed at your own risk:
    1. In the WordPress admin, go to Themes (Appearance) - Theme Editor
    2. Click on Header (or header.php)
    3. Locate the line with </head> and insert <?php wp_head(); ?> before it.
    4. Click 'Save'
       
  14. On the WP-SpamShield Options page in the WordPress Admin, under "General Options", check the option "M2 - Use two methods to set cookies." and see if this helps.
     
  15. If have checked all of these, and still can't quite get it working, please submit a support request at the WP-SpamShield Support Page. ** Be sure to include a list of all plugins currently active on your site...this is very important. ** A super-easy way to do this is to install the plugin Send System Info. Activate it, then go to Tools --> Send System Info, and copy and paste the provided info to the support request.
[ BACK TO TOP ]


Frequently Asked Questions (FAQ's)

[ BACK TO TOP ]


Let Others Know About WP-SpamShield

How does it feel to blog without being bombarded by automated comment spam?
If you're happy with how effectively WP-SpamShield blocks spam on your blog, there's a few things you can do to let others know:

[ BACK TO TOP ]


WordPress Security Note

As with any WordPress plugin, for security reasons, you should only download plugins from the author's site and from official WordPress repositories. When other sites host a plugin that is developed by someone else, they may inject code into that could compromise the security of your blog. We cannot endorse a version of this that you may have downloaded from another site. If you have downloaded the "WP-SpamShield" plugin from another site, please download the current release from the official site (http://www.redsandmarketing.com/plugins/wp-spamshield/).

[ BACK TO TOP ]

 

Download Plugin / Documentation


End Blog Spam! WP-Spamshield Comment Spam Protection for WordPress

Latest Version — 1.4.8: Download Now

Plugin Homepage / Documentation: WP-SpamShield
WordPress.org Page: WP-SpamShield
Leave Comments: WP-SpamShield Release Announcement Blog Post
Tech Support/Questions: WP-SpamShield Support Page
End Blog Spam: Let Others Know About WP-SpamShield!
Twitter: @WPSpamShield

Donate to WP-SpamShield

Happy with WP-SpamShield?
Let others know by giving it a good rating on WordPress.org!
Let others know you like WP-SpamShield with a good rating on WordPress.org!

[ BACK TO TOP ]


Translators

I'd like to give a huge thank you and shout out to all translators that contribute to the plugin!

If anyone would like to donate their talent and some time to translating into your language(s) and/or local dialect(s), it would be much appreciated. If you are interested being a translator, it's not hard to get started — just contact me and I'll get you set up.

[ BACK TO TOP ]